If you change platform keys, it looks to me like you can brick your system if hardware component drivers that execute during boot are signed by microsoft keys.
Microsoft will make sure many of their partners sign hardware drivers with their keys, to be windows 11 certified of course. No other reason.
They will encourage manufacturers to only allow secure boot in UEFI. Then at some point they will stop signing UEFI loaders, like shim, that linux distros rely on to boot.
Secure Boot is literally configurable. You can create your own key and sign whatever you want with it. See sbctl.
Yes and no. Most firmware this is impossible.
If you change platform keys, it looks to me like you can brick your system if hardware component drivers that execute during boot are signed by microsoft keys.
Microsoft will make sure many of their partners sign hardware drivers with their keys, to be windows 11 certified of course. No other reason.
They will encourage manufacturers to only allow secure boot in UEFI. Then at some point they will stop signing UEFI loaders, like shim, that linux distros rely on to boot.
…and Bob’s your uncle.